{"id":"https://openalex.org/W3198413005","doi":"https://doi.org/10.1145/3474718.3475718","title":"D2U: Data Driven User Emulation for the Enhancement of Cyber Testing, Training, and Data Set Generation","display_name":"D2U: Data Driven User Emulation for the Enhancement of Cyber Testing, Training, and Data Set Generation","publication_year":2021,"publication_date":"2021-08-09","ids":{"openalex":"https://openalex.org/W3198413005","doi":"https://doi.org/10.1145/3474718.3475718","mag":"3198413005"},"language":"en","primary_location":{"id":"doi:10.1145/3474718.3475718","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3474718.3475718","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cyber Security Experimentation and Test Workshop","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://www.osti.gov/servlets/purl/1813180","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049863244","display_name":"Sean Oesch","orcid":"https://orcid.org/0000-0002-6909-1022"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Sean Oesch","raw_affiliation_strings":["Oak Ridge National Laboratory, United States of America"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, United States of America","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012446017","display_name":"Robert A. Bridges","orcid":"https://orcid.org/0000-0001-7962-6329"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Robert A. Bridges","raw_affiliation_strings":["Oak Ridge National Laboratory, United States of America"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, United States of America","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027313610","display_name":"Miki E. Verma","orcid":null},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Miki Verma","raw_affiliation_strings":["Oak Ridge National Laboratory, United States of America"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, United States of America","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021166489","display_name":"Brian Weber","orcid":"https://orcid.org/0000-0002-3261-5152"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Brian Weber","raw_affiliation_strings":["Oak Ridge National Laboratory, United States of America"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, United States of America","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5111535677","display_name":"Oumar Diallo","orcid":null},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Oumar Diallo","raw_affiliation_strings":["Oak Ridge National Laboratory, United States of America"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, United States of America","institution_ids":["https://openalex.org/I1289243028"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5049863244"],"corresponding_institution_ids":["https://openalex.org/I1289243028"],"apc_list":null,"apc_paid":null,"fwci":0.4803,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.67291977,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"17","last_page":"26"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7920202016830444},{"id":"https://openalex.org/keywords/emulation","display_name":"Emulation","score":0.6276677846908569},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5123854279518127},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4743348956108093},{"id":"https://openalex.org/keywords/generative-model","display_name":"Generative model","score":0.47031867504119873},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.46855172514915466},{"id":"https://openalex.org/keywords/data-modeling","display_name":"Data modeling","score":0.4565529227256775},{"id":"https://openalex.org/keywords/hidden-markov-model","display_name":"Hidden Markov model","score":0.4550122618675232},{"id":"https://openalex.org/keywords/replicate","display_name":"Replicate","score":0.42588549852371216},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4123903512954712},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.353083074092865},{"id":"https://openalex.org/keywords/generative-grammar","display_name":"Generative grammar","score":0.23250630497932434},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.1578982174396515}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7920202016830444},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.6276677846908569},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5123854279518127},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4743348956108093},{"id":"https://openalex.org/C167966045","wikidata":"https://www.wikidata.org/wiki/Q5532625","display_name":"Generative model","level":3,"score":0.47031867504119873},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.46855172514915466},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.4565529227256775},{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.4550122618675232},{"id":"https://openalex.org/C2781162219","wikidata":"https://www.wikidata.org/wiki/Q26250693","display_name":"Replicate","level":2,"score":0.42588549852371216},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4123903512954712},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.353083074092865},{"id":"https://openalex.org/C39890363","wikidata":"https://www.wikidata.org/wiki/Q36108","display_name":"Generative grammar","level":2,"score":0.23250630497932434},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.1578982174396515},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C50522688","wikidata":"https://www.wikidata.org/wiki/Q189833","display_name":"Economic growth","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3474718.3475718","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3474718.3475718","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cyber Security Experimentation and Test Workshop","raw_type":"proceedings-article"},{"id":"pmh:oai:osti.gov:1813180","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1813180","pdf_url":"https://www.osti.gov/servlets/purl/1813180","source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null}],"best_oa_location":{"id":"pmh:oai:osti.gov:1813180","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1813180","pdf_url":"https://www.osti.gov/servlets/purl/1813180","source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1645119126","display_name":null,"funder_award_id":"AC05-00OR22725","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G2296932962","display_name":null,"funder_award_id":"DE-AC05-00OR227","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G3299391273","display_name":null,"funder_award_id":"E-AC05-00OR22725","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G691578896","display_name":null,"funder_award_id":"DE-AC05-00OR2272","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G7995982022","display_name":null,"funder_award_id":"DE-AC05","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G834413596","display_name":null,"funder_award_id":"DE-AC05-00OR22725","funder_id":"https://openalex.org/F4320306078","funder_display_name":"U.S. Department of Defense"},{"id":"https://openalex.org/G8414908677","display_name":null,"funder_award_id":"DE-AC0","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G8799952057","display_name":null,"funder_award_id":"DE-AC05-00OR22","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G8906985441","display_name":null,"funder_award_id":"00OR22725","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"}],"funders":[{"id":"https://openalex.org/F4320306078","display_name":"U.S. Department of Defense","ror":"https://ror.org/0447fe631"},{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3198413005.pdf","grobid_xml":"https://content.openalex.org/works/W3198413005.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W1829816717","https://openalex.org/W1948664808","https://openalex.org/W1966775768","https://openalex.org/W1988918299","https://openalex.org/W2025440555","https://openalex.org/W2066636486","https://openalex.org/W2125838338","https://openalex.org/W2149726907","https://openalex.org/W2171070266","https://openalex.org/W2171313960","https://openalex.org/W2171496915","https://openalex.org/W2252638983","https://openalex.org/W2342204193","https://openalex.org/W2512397780","https://openalex.org/W2604601588","https://openalex.org/W2616695928","https://openalex.org/W2734442794","https://openalex.org/W2789828921","https://openalex.org/W2887742767","https://openalex.org/W3118474901"],"related_works":["https://openalex.org/W4254851101","https://openalex.org/W3171007296","https://openalex.org/W22115721","https://openalex.org/W2154523322","https://openalex.org/W2321234655","https://openalex.org/W2083200807","https://openalex.org/W2065444835","https://openalex.org/W4394550905","https://openalex.org/W1603137082","https://openalex.org/W4403123063"],"abstract_inverted_index":{"Whether":[0],"testing":[1],"intrusion":[2],"detection":[3],"systems,":[4],"conducting":[5],"training":[6,89],"exercises,":[7],"or":[8,39],"creating":[9],"data":[10,38,60,122],"sets":[11],"to":[12,44,70,98,182,207,226],"be":[13],"used":[14],"by":[15],"the":[16,71,84,88,143,155,199,205,209,213,229,241],"broader":[17],"cybersecurity":[18],"community,":[19],"realistic":[20,251],"user":[21,42,59,252],"behavior":[22,121,196,253],"is":[23,219],"a":[24,28,49,179,193,223,245],"critical":[25],"component":[26],"of":[27,62,81,93,142,145,154,198,231],"cyber":[29,224,233,242],"range.":[30],"Existing":[31],"methods":[32],"either":[33],"rely":[34],"on":[35,57,109,158],"network":[36],"level":[37],"replay":[40],"recorded":[41],"actions":[43,82,94],"approximate":[45],"real":[46],"users":[47],"in":[48,222],"network.":[50],"Our":[51,217],"work":[52],"produces":[53],"generative":[54,162],"models":[55,76,114,163],"trained":[56,69],"actual":[58],"(sequences":[61],"application":[63],"usage)":[64],"collected":[65],"from":[66,83,249],"endpoints.":[67],"Once":[68],"user\u2019s":[72],"behavioral":[73,156],"data,":[74],"these":[75],"can":[77,247],"generate":[78,120],"novel":[79],"sequences":[80,92],"same":[85],"distribution":[86],"as":[87,244],"data.":[90],"These":[91],"are":[95,115,189],"then":[96],"fed":[97],"our":[99,113,133,146],"custom":[100],"software":[101,126,137,218],"via":[102],"configuration":[103],"files,":[104],"which":[105,159],"replicate":[106],"those":[107],"behaviors":[108],"end":[110],"devices.":[111],"Notably,":[112],"platform":[116],"agnostic":[117],"and":[118,139,171,204,235],"could":[119],"for":[123,164],"any":[124],"emulation":[125],"package.":[127],"In":[128],"this":[129],"paper":[130],"we":[131,149,176,236],"present":[132],"model":[134,202],"generation":[135],"process,":[136],"architecture,":[138],"an":[140],"investigation":[141],"fidelity":[144],"models.":[147],"Specifically,":[148],"consider":[150],"two":[151],"different":[152],"representations":[153],"sequences,":[157],"three":[160],"standard":[161],"sequential":[165,201],"data\u2014Markov":[166],"Chain,":[167],"Hidden":[168],"Markov":[169],"Model,":[170],"Random":[172],"Surfer\u2014are":[173],"employed.":[174],"Additionally,":[175],"examine":[177],"adding":[178],"latent":[180,215],"variable":[181],"faithfully":[183],"capture":[184],"time-of-day":[185],"trends.":[186],"Best":[187],"results":[188],"observed":[190],"when":[191],"sampling":[192],"unique":[194],"next":[195],"(regardless":[197],"specific":[200],"used)":[203],"duration":[206],"take":[208],"behavior,":[210],"paired":[211],"with":[212],"temporal":[214],"variable.":[216],"currently":[220],"deployed":[221],"range":[225],"help":[227],"evaluate":[228],"efficacy":[230],"defensive":[232],"technologies,":[234],"suggest":[237],"additional":[238],"ways":[239],"that":[240],"community":[243],"whole":[246],"benefit":[248],"more":[250],"emulation.":[254]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2025-10-10T00:00:00"}